Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 4 : Configuration Profiles for Intel AMT

Posted: January 2, 2014 in Configuration Manager, System Center Configuration Manager 2012
Tags: , , ,

If you want to enable the configuration capability of the Add-on for Intel AMT, you must define a configuration profile for Intel AMT. How you create this profile depends on if you want to use RCS Integration with Intel AMT:

  • If you want to use RCS Integration – The Add-on will define the packages to get the profile from the RCS and use the remote configuration method to configure Intel AMT. You must create the profile using the Intel SCS Console.
  • If you do not want to use RCS Integration – The Add-on will define the packages to get the profile from an XML file and use the host-based configuration method. You must create the profile using the Intel AMT Configuration Utility.

In this posting I’m not using the RCS Integration, so we will use the host-based configuration method.

To create the profile;

  1. From the Intel SCS package that you downloaded (see Part 1 of this series), open the ACU_Wizard folder.
  2. Double-click ACUWizard.exe. The Welcome window opens.
    1
  3. Click Create Settings to Configure Multiple Systems. The Profile Designer opens.
    2
  4. Click and define the folder where you want to save the profile. (I’ve selected D:\Setup\SCS Profiles in my lab environment)
  5. Click on the green plus button and The Getting Started window opens.
  6. In the Profile Description section, enter a description for the profile. This field is for informational purposes only. (I’ve used ThinkIT AMT Profile in this example)
  7. Make sure that the Configuration / Reconfiguration option is selected and click Next.3
  8. Select these check boxes:
    • Active Directory Integration
    • Access Control List (ACL)
    • Transport Layer Security
      4
  9. Click Next. The Active Directory Integration window opens.
  10. Click and select the Organizational Unit (OU) where the object will be stored in AD. During configuration, Intel SCS sends a request to the AD to create a Computer object representing the Intel AMT device. The object is added to the OU you defined in this field. I’ve selected the OU we created in Part 2 of this series; AMT Provisioned Computers
    5
  11. Click Next. The Access Control List window opens. This window lets you define users and their access privileges in Intel AMT.
  12. Define the user/group that will be used by SCCM and Intel SCS:
    1. Click Add. The User/Group Details window opens.
    2. Select Active Directory User/Group.
    3. Click Browse and select the Group that we created in Part 2 of this series; SCCM 2012 R2 AMT Administrators
    4. In Access Type section, select Both.
    5. In the Realms section, select the PT Administration check box and click OK. The User/Group Details window closes and the user is added to the list of users.
      6
  13. Click Next. The Transport Layer Security window opens. This window is used to define TLS settings to apply to the Intel AMT system. When TLS is enabled, the Intel AMT device authenticates itself with other applications using a server certificate.
  14. Make sure that Request certificate from Microsoft CA is selected and then:
    1. From the Certificate Authority drop-down list, select the certification authority.
    2. From the Server Certificate Template drop-down list, select the template that you defined for TLS in Part 3 of this series; AMT Client Configuration Certificate.
      7
  15. Click Next. The System Settings window opens.
  16. Define the password for the default Digest admin user built into each Intel AMT device, select Use the following password for all systems, and type in the password, I’ve used vu9ESes! in my lab.
    8
  17. Click Next. The Finish window opens.
  18. Save the profile:
    1. In the Name of XML file field, enter a name for this profile.
    2. In the password fields, enter a password that will be used to encrypt the profile. (I’ve used ThinkIT2014! in my lab example)
      9
  19. Click Finish. The profile is added to the list of profiles and saved to the location you specified in Step 4. We will use this profile when installing the Intel SCS add-on in a later part of this series.
    10

Previous Postings in this series:

Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 1 : Introduction
Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 2 : Active Directory
Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 3 : Certification Authority

Advertisements
Comments
  1. Rob S says:

    Great series. Keep them coming! I convinced our management a couple months ago that we need enable vPRO a few months ago, so these posts couldn’t be better timed

  2. […] the Password fields, type the password we defined in the profile in Part 4 of this series. (In my example this is […]

  3. […] enter the password in the Encryption password field. (This is the profile XML that we created in Part 4 of this […]

  4. […] Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 3 : Certification Authority Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 4 : Configuration Profiles for… Integrating Configuration Manager 2012 R2 with Intel SCS 9.0 – Part 5 : Configuring SCCM 2012 R2 […]

  5. […] When we configured the AMT Profile in Part 4, we left the option “Enable Intel AMT to respond to ping requests” enabled. This means […]

  6. Yan says:

    Your info is much appreciated; any chance I could get a draft of your RCS notes? I’m a newbie with this vPro / AMT and want to configure the ME password remotely and achieve touch less AMT/ME configuration so I’m assuming I need the RCS Integration. Is that correct?

    • To achieve touchless AMT/ME configuration you need the RCS Integration. I hope I’ll manage to get a post out on this soon, my external certificate for this purpose expired so I’m not able to post anything around the subject atm.

      • grayling says:

        I would like to request the same as Yan, please. Sorry, as you must be very busy and thank you for all you have already posted.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s